Millions of OMEN HP Gaming PCs At Risk of Cyberattack due to Driver Vulnerability
Millions of HP OMEN Laptops and Gaming Desktops are at risk of cyberattacks due to a Severe Vulnerability (CVE-2021-3437). Exploiting the issue allows attackers to cause a denial of service state or to elevate privileges on the system and disable security solutions.
The problem is in the driver used by the OMEN Gaming Hub software. The software is preinstalled on all HP OMEN desktops and notebooks. The vulnerability stems from HP’s decision to use vulnerable code copied in part from WinRing0.sys (an open source driver) to create the HpPortIox64.sys driver that OMEN Gaming Hub software uses to read and write kernel memory, PCI configurations, input ports, and output and Model-specific register.
The vulnerability affects HP OMEN Gaming Hub versions prior to 220.127.116.11 and HP OMEN Gaming Hub SDK Package versions prior to 1.0.44. The issue affects OMEN and HP Pavilion gaming laptops and HP ENVY, HP Pavilion and OMEN desktop gaming systems.
The OMEN Gaming Hub can be used to enhance your gaming experience by overclocking, optimizing system settings for different game profiles, adjusting the lighting of your gaming devices and accessories, and more.Considering that the software can also be downloaded from the Microsoft Store and installed on any computer running Windows 10 with peripheral accessories marketed under the HP OMEN brand, the problem affects millions of computers worldwide.
By elevating privileges to SYSTEM on HP OMEN devices, attackers can easily disable security solutions, overwrite system components with malicious data, damage the underlying operating system, or perform any other malicious action of their choice.
HP has released fixes for this vulnerability.
Catch up on more articles here
Follow us on Twitter here